Configuration in AWS

AWS Secrets Manager secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets. The AWS Secrets Manager plugin allows you to access these secrets from your pipeline.

Example AWS secret:

Security

Secrets are available to all repositories and all build events by default. We strongly recommend that you limit access to secrets by repository and build events.

Limit By Repository

You can use the X-Drone-Repos annotation to limit which repositories can access your AWS secrets. The annotation accepts a comma-separated list of glob patterns. If a repository name matches at least one of the patterns, it is granted access to the secret.

Limit By Event

You can use the X-Drone-Events annotation to limit which build events can access your AWS secrets. The annotation is a comma-separated list of events. If a build matches at least one of the events, it is granted access to the secret.
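
The following sketch models the access decision described under Limit By Repository and Limit By Event, so you can check what a given pair of annotation values permits before storing a secret. It is an added example, not the plugin's own code: the function names, the use of Go's `path.Match` for globbing, exact string comparison for events, and the sample repository names are all assumptions.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// matchAny parses a comma-separated annotation value and reports whether
// any entry satisfies ok. An absent or empty annotation imposes no limit.
func matchAny(value string, ok func(entry string) bool) bool {
	restricted := false
	for _, entry := range strings.Split(value, ",") {
		entry = strings.TrimSpace(entry)
		if entry == "" {
			continue
		}
		restricted = true
		if ok(entry) {
			return true
		}
	}
	return !restricted
}

// Allowed applies both limits: the repository must match one glob in
// X-Drone-Repos and the build event must equal one entry in X-Drone-Events.
func Allowed(annotations map[string]string, repo, event string) bool {
	repoOK := matchAny(annotations["X-Drone-Repos"], func(glob string) bool {
		// Assumption: path.Match glob semantics ("*" stops at "/").
		m, err := path.Match(glob, repo)
		return err == nil && m
	})
	eventOK := matchAny(annotations["X-Drone-Events"], func(e string) bool {
		return e == event
	})
	return repoOK && eventOK
}

func main() {
	// Constructed sample annotations, not taken from the page.
	open := map[string]string{}
	limited := map[string]string{
		"X-Drone-Repos":  "octocat/*, acme/deploy-tools",
		"X-Drone-Events": "push,tag",
	}
	fmt.Println(Allowed(open, "stranger/fork", "pull_request")) // no annotations: any build may read
	fmt.Println(Allowed(limited, "octocat/hello", "push"))
	fmt.Println(Allowed(limited, "octocat/hello", "pull_request"))
	fmt.Println(Allowed(limited, "stranger/fork", "push"))
}
```

The first call shows the default the Security section recommends against: a secret with neither annotation is readable by every repository and every build event.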